On 21/02/18 01:02:p, Theo Buehler wrote:
> This looks pretty good to me and appears to work in basic testing.
> I'd be willing to get this in provided you address the tiny nits
> below.
Thanks for having a look. Unfortunately I no longer have the time to
maintain this patchset, nor do I maintain
Hi
On Thu, Oct 15, 2020 at 05:52:40PM +1100, Ashe Connor wrote:
> Hi there,
>
> A year or two ago I submitted a patch for adding TLS client certificate
> validation to relayd. At the time it didn't make it in, and I stopped
> pursuing it further.
>
Hi!
> I have patch on top of this which allows to pass remote certificate
> and/or parts of it to backend hosts via http headers.
Did this patch ever arrive and would it also make sense inside httpd
(in addition to relayd)?
--
Markus Läll
Hi again,
Checking in again to see if there's any appetite for this.
Best,
Ashe
On Thu, Oct 15, 2020, at 5:52 PM, Ashe Connor wrote:
> Hi there,
>
> A year or two ago I submitted a patch for adding TLS client certificate
> validation to relayd. At the time it didn't make it in, and I
Hi there,
A year or two ago I submitted a patch for adding TLS client certificate
validation to relayd. At the time it didn't make it in, and I stopped pursuing
it further. (https://marc.info/?l=openbsd-tech=154509330608643=2)
I'd still like to see this landed, if at all possible. I'm
On 18 Dec 2018, at 11:34, Ashe Connor wrote:
> Revised patch follows (includes mandoc changes).
Last bump.
Happy new year!
On Fri, Dec 14, 2018 at 10:58:06AM +0100, Sebastian Benoit wrote:
> The parse and config bits look good.
>
> And the use of tls* looks ok to me too, but I would like to have someone
> more familiar with it to give an ok though.
Sounds good.
> As for style, please make lines not longer than 80
Ashe Connor(a...@kivikakk.ee) on 2018.11.26 05:29:45 +:
> On Fri, Nov 23, 2018 at 04:41:21PM +0100, Sebastian Benoit wrote:
> > > It appears that relayd doesn't support TLS client certificate validation
> > > (in the manner that httpd does with "tls client ca [cafile]"). Would
> > > there be
> On 6 Dec 2018, at 16:17, Ashe Connor wrote:
>
> It's been a week or so, so bumping. (Benno was kind enough to offer a
> review but was time-poor recently.)
Another friendly ping. I'd love to do some more work on relayd but only if
it's desirable/worth someone's time to review.
Cheers,
On Thu, Dec 06, 2018 at 12:46:33PM +, Rivo Nurges wrote:
> I have planned to do it myself for quite long time but never got around
> doing it. In my testing it works great.
Excellent, I'm glad to hear!
> I have patch on top of this which allows to pass remote certificate
> and/or parts of
Hi!
I have planned to do it myself for quite long time but never got around
doing it. In my testing it works great.
I have patch on top of this which allows to pass remote certificate
and/or parts of it to backend hosts via http headers.
Rivo
On Thu, 2018-12-06 at 05:17 +, Ashe Connor
It's been a week or so, so bumping. (Benno was kind enough to offer a
review but was time-poor recently.)
Here's a diff for the manpage too.
Ashe
Index: usr.sbin/relayd/relayd.conf.5
===
RCS file:
On Mon, Nov 26, 2018 at 04:29:40PM +1100, Ashe Connor wrote:
> Wonderful. Here's a first pass at such a patch.
I should add, in addition to the regression test passing, I'm currently
test-running this patch on a live server where client certificates are
mandatory, and it's working well so far.
On Fri, Nov 23, 2018 at 04:41:21PM +0100, Sebastian Benoit wrote:
> > It appears that relayd doesn't support TLS client certificate validation
> > (in the manner that httpd does with "tls client ca [cafile]"). Would
> > there be interest in a patch that added such support?
>
> yes, a patch to
Ashe Connor(a...@kivikakk.ee) on 2018.11.23 05:55:55 +:
> Hi all,
>
> It appears that relayd doesn't support TLS client certificate validation
> (in the manner that httpd does with "tls client ca [cafile]"). Would
> there be interest in a patch that added such support?
yes, a patch to
Hi all,
It appears that relayd doesn't support TLS client certificate validation
(in the manner that httpd does with "tls client ca [cafile]"). Would
there be interest in a patch that added such support?
Apologies if I've missed something obvious here.
Best,
Ashe
16 matches
Mail list logo
